By using vSphere IaaS control plane you can turn vSphere clusters to a platform for running Kubernetes workloads in dedicated resource pools in vSphere. Once enabled on vSphere clusters, vSphere IaaS control plane creates a Kubernetes control plane directly in the hypervisor layer. You can then run Kubernetes containers by deploying vSphere Pods , or you can create upstream Kubernetes clusters through the TKG and run your applications inside these clusters.
What to read next
What Is vSphere IaaS Control Plane? vSphere IaaS control plane to transform vSphere to a platform for running Kubernetes workloads natively on the hypervisor layer. When enabled on vSphere clusters, vSphere IaaS control plane provides the capability to run Kubernetes workloads directly on ESXi hosts and to create upstream Kubernetes clusters within dedicated namespaces called vSphere Namespace . What is a vSphere Namespace? vSphere Namespace sets the resource boundaries where vSphere Pods , VMs, and TKG clusters can run. As a vSphere administrator, you create and configure vSphere Namespaces through the vSphere Client. vSphere IaaS Control Plane User Roles and Workflows vSphere IaaS control plane involves two roles, the vSphere administrator and the DevOps engineer. The DevOps engineer is comprising the role of DevOps, application developer, and Kubernetes administrator. Both roles interact with the platform through different interfaces and can have users or user groups defined for them in vCenter Server with associated permissions. The workflows for the vSphere administrator and DevOps engineer roles are distinct and determined by the specific area of expertise these roles require. How Does vSphere IaaS Control Plane Change the vSphere Environment? Supervisor adds objects to the vCenter Server inventory, such as namespaces, vSphere Pods , and TKG clusters.Licensing for vSphere IaaS Control Plane Supervisor and how the license compliance, evaluation period, and license expiration work. vSphere IaaS Control Plane Identity and Access Management Supervisor and to manage vSphere Namespaces . You define permissions on namespaces to determine which DevOps engineers and developers can access them. You can also configure the Supervisor with an external OpenID Connect (OIDC) provider to enable multi-factor authentication. As a DevOps engineer or developer, you authenticate with the Supervisor by using either your vCenter Single Sign-On credentials or credentials from an OIDC provider depending on what your vSphere administrator has configured for you on the Supervisor . You can access only the vSphere Namespaces for which you have permissions.vSphere IaaS Control Plane Security vSphere IaaS control plane leverages vSphere security features and provisions TKG clusters that are secure by default.
